Ages ago we had a tip on how to apply IP restrictions to your IFD CRM on-premises deployment. Traditional “this is unsupported” disclaimer followed. There is a way, however, to make it a) supported and b) infinitely more flexible and useful.

Enter Application Request Routing. Basically, the idea is to put a small IIS server as your “front” web server and then use ARR to route requests to the “backend” web server. In this configuration your “front” server does not need to have any CRM components installed at all as its sole purpose is to route requests.

Steps

Configure default web site to listen on 443 with your IFD certificate

Install ARR

Create a server farm in Application Request Routing and add your CRM server to it

Apply IP filtering by tweaking web.config on your “front” server. Since we are not touching CRM installation, we are on the supported side.

Add more CRM web servers to the farm and do load balancing that is more flexible than NLB (network load balancing), traditionally used with CRM web servers.

Configure URL rewrite and introduce vanity URL for your deployment, e.g. make your internal and external URLs the same; this has been done before but now we are supported as we are not touching CRM servers.